Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enrich an SBOM using OSSF Security Score Card #598

Open
4 tasks
AyanSinhaMahapatra opened this issue Feb 8, 2023 · 3 comments · May be fixed by #1294
Open
4 tasks

Enrich an SBOM using OSSF Security Score Card #598

AyanSinhaMahapatra opened this issue Feb 8, 2023 · 3 comments · May be fixed by #1294
Assignees
@404-geek

Comments

@AyanSinhaMahapatra
Copy link
Member

AyanSinhaMahapatra commented Feb 8, 2023
edited
Loading

From @pombredanne

We already have SBOM export (and import) options in scancode.io supporting SPDX and CycloneDX
SBOMs, and we can enrich this data using the public https://github.com/ossf/scorecard#public-data
or the RestAPI at: https://api.securityscorecards.dev/.
@tdruez
Copy link
Contributor

tdruez commented Feb 15, 2023

We should implement this as a new pipeline. The enrich data can be included in the exports when available.

@rabajaj0509
Copy link

I am interested to work on this issue as part of the GSoC program 2023, how can I get more involved in the project?

@tdruez
Copy link
Contributor

tdruez commented Feb 16, 2023

@rabajaj0509 https://scancodeio.readthedocs.io/en/latest/contributing.html is a good start.

404-geek referenced this issue in 404-geek/scancode.io Jun 26, 2024
@404-geek
Add ScoreCard config into settings.py
173db43 
developed functions to check for availability nexB#598

Signed-off-by: 404-geek <[email protected]>
@404-geek 404-geek mentioned this issue Jun 26, 2024
Closed
404-geek referenced this issue in 404-geek/scancode.io Jun 26, 2024
@404-geek
code style fix nexB#598
272b99c 
Signed-off-by: 404-geek <[email protected]>
404-geek referenced this issue in 404-geek/scancode.io Jun 26, 2024
@404-geek
settings.py code style fix nexB#598
bc445c1 
Signed-off-by: 404-geek <[email protected]>
404-geek referenced this issue in 404-geek/scancode.io Jul 7, 2024
@404-geek
created basic fetch and availability functions for scorecode pipeline…
c2f5c4d 
… nexB#598

Signed-off-by: 404-geek <[email protected]>
@404-geek 404-geek linked a pull request Jul 26, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@404-geek 404-geek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Scorecard Integration 404-geek/scancode.io
4 participants
@tdruez @rabajaj0509 @AyanSinhaMahapatra @404-geek